A couple of days ago, my coworker Roey Wullman wrote this article: Claude Code Sandboxing: Stop Babysitting Your AI Assistant (published in Develeap’s Magazine).
This morning, I saw the latest announcement by Anthropic: Introducing Cowork | Claude, then read the comments on Hacker News. Some of the comments discussed how secure Cowork is (or isn’t) and how it’s sandboxing works. Then other comments mentioned different approaches of sandboxing Claude Code (e.g. this comment and these comments).
Ways to Sandbox Claude Code
- Claude Code Sandboxing: Stop Babysitting Your AI Assistant - Develeap
- nezhar/claude-container: Container workflow for Claude Code. Complete isolation from host system while maintaining persistent credentials and workspace access.
- ashishb/amazing-sandbox: Amazing Sandbox - inspired from https://ashishb.net/programming/run-tools-inside-docker/
- dagger/container-use: Development environments for coding agents. Enable multiple agents to work safely and independently with your preferred stack.
- mensfeld/claude-on-incus: Run coding agents in isolated Incus containers with session persistence, workspace isolation, and multi-slot support.
Featured image by Markus Spiske on Unsplash.
